No Love for Storm Worm

by Erin on January 17th, 2008 in Security Alerts, Security Tips.

Researchers predicted that Storm was on the horizon for a new spam bout in mid-February - in order to take advantage of Valentines Day - but it seems to have hit a month early.

You may enjoy seeing messages of love in your e-mail inbox, but you need to be especially cautious of their validity; Storm is now using affectionate notes to worm its way into users' computers.

Storm worm operates by using social engineering to infect users, compromise PCs, and ultimately form botnets used to propagate cyber crime. Here's how it works: the computer user receives a spam message, disguised as an e-greeting card, news article, or notification of other current events, in an attempt to con the victim into installing the botnet-forming Trojan. The recipient becomes infected after opening an attachment or clicking on a link in the message.

What we're seeing now, reports say, is loved-themed e-mail messages containing a link to the page, shown above (Photo: Arbor Networks), prompting users to download a malicious executable file.

What can you do to avoid falling for this trick? Show no love for the Storm worm by being cautious of unsolicited e-mail (especially those with romance-themed messages) and making sure your PC is up-to-date and protected with security software. Stay tuned for more updates as this threat is known to change tactics to get past computer users' defenses.